
CVE-2025-32753
https://notcve.org/view.php?id=CVE-2025-32753
20 Jun 2025 — Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. • https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-24919 – Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability
https://notcve.org/view.php?id=CVE-2025-24919
13 Jun 2025 — A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-25215 – Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
https://notcve.org/view.php?id=CVE-2025-25215
13 Jun 2025 — An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-763: Release of Invalid Pointer or Reference •

CVE-2025-25050 – Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-25050
13 Jun 2025 — An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-787: Out-of-bounds Write •

CVE-2025-24922 – Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2025-24922
13 Jun 2025 — A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-24311 – Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2025-24311
13 Jun 2025 — An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-125: Out-of-bounds Read •

CVE-2025-27689
https://notcve.org/view.php?id=CVE-2025-27689
12 Jun 2025 — Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000323242/dsa-2025-169-security-update-for-dell-idrac-tools-vulnerabilities • CWE-284: Improper Access Control •

CVE-2025-36573
https://notcve.org/view.php?id=CVE-2025-36573
12 Jun 2025 — Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000323183/dsa-2025-218 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-36576
https://notcve.org/view.php?id=CVE-2025-36576
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-36577
https://notcve.org/view.php?id=CVE-2025-36577
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •